Schools and Cyber Risk

Introduction

Technology and education are now firmly intertwined. While innovative technology has been a longstanding feature at Universities, recent developments have now enabled even the smallest of primary schools to have tech firmly rooted in their daily lives. It is evident that technology certainly enhances the education sector, but with it brings several risks. Schools and education systems therefore need to take their responsibilities seriously to protect their reputation, their staff and their pupils from the increasing dangers of the digital world.

The education sector faces a complex threat landscape, with threat actors targeting establishments for a variety of reasons; whether this be a student seeking revenge on their school, a hacker looking for a challenge, or most terrifyingly seeking to gain access to a treasure trove of minors’ personal information. This information is gold dust to a hacker who can use it as ransom and/or sell it illegally on the dark web. The resulting educational disruption including the potential loss of saved work can also have detrimental effects on a student’s education, as well as reputational damage to the school, lost business income and legal and regulatory fines.

Unfortunately, stretched budgets are a fact of life in the education sector, and therefore cyber security in the past has not always been regarded as a high priority. With the newly implemented GDPR and the growing incidence of malicious attacks, the education sector must recognise that cyber attacks are a real threat and protectionist measures must be implemented and updated.

Types of Cyber Claims

A school in the USA was hacked by an 18-year-old who had quickly become bored of decoding websites. Instead he deployed a series of malware attacks in which he changed student’s grades and stole the personal information of teachers; changing their profiles and sending political mass emails to students and parents. If the school had purchased a comprehensive cyber policy, the business interruption costs would have been covered and succinct post breach advice would have been offered alongside PR strategies and mitigation techniques.

A high profile private school in the UK suffered a series of phishing attacks, in which hackers stole personally identifiable data that they used to target parents with fake invoices. While phishing attacks can admittedly be difficult to detect, pre-breach education as offered by a cyber insurance policy could have offered valuable advice to teachers, parents and children of the key signifiers in fraudulent emails. Additionally, a comprehensive cyber insurance policy would have ensured that sensitive information was better protected to prevent access to the data in the first place.

The US saw a series of cyber-attacks in which criminals stole sensitive student data, threatening to release it unless a ransom was paid. In some cases, the incident included threats of violence, shaming and bullying unless the payment was received. With the hackers having access to social security numbers, phone numbers, addresses and most alarmingly the school’s security cameras, the school was forced to call the FBI. With a cyber policy in place, the business interruption costs would have been covered and most importantly, a cyber security specialist would have been on hand to offer post breach advice.

Risk Transfer

As evidenced in the above examples, cyber insurance can help schools to both mitigate the risk, and lessen the burden following an attack. When considering the extent of modern threats, it is essential that cyber insurance forms part of a school’s overall risk management. A cyber policy offers third and first party coverage, to ensure that the school is comprehensively protected. Additionally, all Safeonline Cyber policies include complementary pre and post breach services offered by CyberScout and can be tailor made to provide the best cyber solution to fit the differing requirements of the education sector.

Safeonline LLP encourages everyone in the UK to follow Government advice and to stay inside as much as possible during this national emergency. It is the only way to save our NHS and the lives of many.

Safeonline are well versed in agile and remote working and continue to operate as normal, despite the tricky times. Please do not hesitate to get in touch should you require assistance with any current or new placements.